The next evolution of the application architecture is the “service-oriented architecture” (SOA). In SOA, the entire gamut of solutions (e.g. supporting a business process) is broken up into multiple parts or components called services. The design of a microservices architecture is intended to address the limitations of SOA by enabling the individual microservices to communicate with each other using lightweight protocols such as Representational State Transfer (REST). Furthermore, the individual microservices can be developed in platforms best suited for them, allowing for heterogeneity in addition to independent scalability and deployment due to loose coupling between individual microservices.
This new approach presents new security challenges, such as an increased attack surface due to the larger number of components, and the need for secure service discovery because service instances are dynamic and change location.
This group assumes that readers have some operating system, networking, and security expertise, as well as expertise with application containers, microservices and agile application development approaches such as DevOps.
Please note that this project is a subgroup of the DevSecOps working group. To participate you can join our DevSecOps community and let the leaders know you are interested in this particular area of DevSecOps.
This working group is a subgroup of the DevSecOps working group. The mission of this subgroup is to conduct research on the security of application containers and microservices and publish guidance and best practices for the secure use of application containers and microservices.
Working Group Leadership
Co-founder and CEO
Anil is co-chair of the CSA Application Containers and Microservices working group and has led the development of multiple research artifacts, building off the work started in the NIST Cloud Security working group. He is president of the CSA DC Metro Area Chapter, which he has transformed from a dormant chapter into one of North America’s most a...
Securing Application Containers and Microservices
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Best Practices for Implementing a Secure Application Container Architecture
Understand the challenges of designing, deploying, and operating secure application containers and microservices. Secure DevOps necessitates security as Architects, Developers, and Operators work together to engineer trustworthy secure systems. The scope of this document is limited to application containers and microservices. This document assumes that readers have some operating system, networking, and security expertise, as well as expertise with application containers, microservices and agile application development approaches such as DevOps.
Best Practices in Implementing a Secure Microservices Architecture
Learn best practices for securing microservices in the engineering of trustworthy secure systems. This paper provides the background for the evolution of the microservices architecture, its advantages compared with the previous architectures and the new challenges posed in terms of configuration and security. It also describes the benefits of microservices architecture and provides specific use cases where it enjoys advantages over “service-oriented architecture” (SOA). The security and configuration challenges identified for microservices architecture form the basis for the issues addressed in the rest of this document.
Challenges in Securing Application Containers and Microservices
This document proposes a repeatable approach to architecting, developing and deploying microservices as a “MAP” (Microservices Architecture Pattern). The proposed MAP contains all the information necessary for a microservice to operate independently and communicate with other microservices which, in aggregate, become capabilities which, in turn, become the components of an application. This paper describes the key elements of the MAP and how they should be designed and deployed, shifting security and compliance left via a continuous compliance-as-code approach.